0

I am trying to write some code to look through all of the files in my server and return files that contain a certain string. The problem is that I only know the comment in the files I'm looking for is the key and I feel like this may be messing this up.

I have a function that recursively searches for files in all directories which works fine, but the reading of the file and searching of the string is not working properly. 

<?php
$mal = "//###=CACHE START=###";


function getDirContents($dir) {
    $files = scandir($dir);
    foreach($files as $file) {
        if($file == "." || $file == "..") continue;
        if(!is_file($dir . $file)){
            echo "Folder: " . $dir . $file . "<br />";
            getDirContents($dir.$file."/");
        } else {
            echo "File: " . $dir . $file . "<br />";
            $content = file_get_contents($dir . $file);
            if (strpos($content, $mal) !== false) {
                echo "FOUND" . $dir.$file . "<br>";
            }
        }
    }
}

$dir = "./";
getDirContents($dir);


?>

For some reason, this is returning .png and .jpg files as "FOUND" and I'm not sure why. I have many files that have the $mal string in them, but it's a comment and I'm not sure if that matters. Either way, it is not working properly and not finding the files that I'm looking for.

Improve this question
0

1 Answer 1

Reset to default
3

This fails because the thing you're searching for is not actually in scope - in the function scope $mal is actually NULL and thus always found. This is outlined in the documentation at http://php.net/manual/en/language.variables.scope.php

<?php
$a = 1; /* global scope */ 

function test()
{ 
    echo $a; /* reference to local scope variable */ 
} 

test();

This script will not produce any output because the echo statement refers to a local version of the $a variable, and it has not been assigned a value within this scope. You may notice that this is a little bit different from the C language in that global variables in C are automatically available to functions unless specifically overridden by a local definition. This can cause some problems in that people may inadvertently change a global variable. In PHP global variables must be declared global inside a function if they are going to be used in that function.

A quick and dirty way to fix this is to declare $mal a global. Saner is to pass it in as a parameter to your function, along with the dir.

Improve this answer
Sign up to request clarification or add additional context in comments.

9 Comments

Ah, that was a bonehead move! I remembered that with the $dir but not the $mal. Thank you. That half-solved my problem. Now, for some reason, I can't search for anything that is considered php code. I have done some testing and was able to find <div> in many files, but what I need to search for now is the comment string which seems to not be working.
@ntgCleaner that seems like a different question. More generally, there's probably not much point re-implementing grep in PHP when you can just call grep.
Well, I'm trying to find a block of code inside of multiple files so I may remove it. My server was compromised and I have found the infection point, I just need to go through all files on my server and remove this block of code, which is written in php, not as a string. Is there an option for this?
@ntgCleaner Yes. Wipe the server, install clean copy of code.
Haha, yes, that's my last resort. I've found the affected files and the security hole, I have a list of affected files from the server and I'm just trying to make my job quicker by writing a script do delete this block, rather than me doing it the slow way. - I just wrote a new question to target this specifically.
|

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.